Merge f9e250f60bb87b2e4d2fab3c6cb726a7b4a0922b into 885278c045d6d7c865f0e7e5937f86057ce22b33

.dockerignore

@@ -0,0 +1 @@
+charts

charts/frpc/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/frpc/Chart.yaml

@@ -0,0 +1,7 @@
+apiVersion: v2
+name: frpc
+description: A Helm chart Fast Reverse Proxy Client
+
+type: application
+version: 0.1.0
+appVersion: "v0.56.0"

charts/frpc/templates/_helpers.tpl

@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "frpc.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "frpc.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "frpc.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "frpc.labels" -}}
+helm.sh/chart: {{ include "frpc.chart" . }}
+{{ include "frpc.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "frpc.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "frpc.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "frpc.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "frpc.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

charts/frpc/templates/certificate.yaml

@@ -0,0 +1,41 @@
+{{- if and .Values.mTLS.enabled (eq .Values.mTLS.existingSecret "") }}
+{{- if eq .Values.mTLS.certificatePEM "" }}
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ printf "%s-client" (include "frpc.fullname" .) }}
+spec:
+  commonName: {{ .Values.mTLS.commonName }}
+  issuerRef:
+    {{- .Values.mTLS.issuerRef | toYaml | nindent 4 }}
+  {{- with .Values.mTLS.subject }}
+  subject:
+    {{- . | toYaml | nindent 4 }}
+  {{- end }}
+  privateKey:
+    algorithm: ECDSA
+    size: 256
+  usages:
+    - client auth
+  secretName: {{ printf "%s-client" (include "frpc.fullname" .) }}
+---
+{{- else }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ printf "%s-client-ca" (include "frpc.fullname" .) }}
+type: kubernetes.io/tls
+data:
+  tls.crt: {{ .Values.mTLS.certificatePEM | b64enc | quote }}
+  tls.key: {{ required "Both PEM and KEY are required" .Values.mTLS.certificateKEY | b64enc | quote }}
+---
+{{- end }}
+{{- end }}
+{{- if ne .Values.mTLS.trustedCA "" }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ printf "%s-ca" (include "frpc.fullname" .) }}
+data:
+  ca.crt: {{ .Values.mTLS.trustedCA | b64enc | quote }}
+{{- end}}

charts/frpc/templates/config.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "frpc.fullname" . }}
+data:
+  frpc.yaml: |
+    {{- tpl (.Values.config | toYaml) $  | nindent 4 }}

charts/frpc/templates/dashboard-service.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "frpc.fullname" . }}-dashboard
+  labels:
+    {{- include "frpc.labels" . | nindent 4 }}
+  {{- with .Values.dashboardService.annotations }}
+  annotations:
+    {{- . | toYaml | nindent 4 }}
+  {{- end }}
+spec:
+  type: {{ .Values.dashboardService.type }}
+  ports:
+    - port: {{ .Values.dashboardService.port }}
+      targetPort: dashboard
+      protocol: TCP
+      name: http
+  selector:
+    {{- include "frpc.selectorLabels" . | nindent 4 }}

charts/frpc/templates/deployment.yaml

@@ -0,0 +1,85 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "frpc.fullname" . }}
+  labels:
+    {{- include "frpc.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "frpc.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      annotations:
+        checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }}
+      {{- with .Values.podAnnotations }}
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "frpc.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "frpc.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ .Chart.Name }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          args:
+            - "-c"
+            - "/var/frp/conf/frpc.yaml"
+          ports:
+            - name: dashboard
+              containerPort: {{ .Values.config.webServer.port }}
+              protocol: TCP
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          volumeMounts:
+            - mountPath: /var/frp/conf
+              name: config
+          {{- if ne .Values.mTLS.trustedCA "" }}
+            - mountPath: /var/frp/tls
+              name: tls
+          {{- end }}
+          {{- if .Values.mTLS.enabled}}
+            - mountPath: /var/frp/mtls
+              name: mtls
+          {{- end }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      volumes:
+        - name: config
+          configMap:
+            name: {{ include "frpc.fullname" . }}
+        {{- if ne .Values.mTLS.trustedCA "" }}
+        - name: tls
+          secret:
+            secretName: {{ printf "%s-ca" (include "frpc.fullname" .) }}
+        {{- end }}
+        {{- if .Values.mTLS.enabled}}
+        - name: mtls
+          secret:
+            secretName: {{ .Values.mTLS.existingSecret | default (printf "%s-client-ca" (include "frpc.fullname" .)) }}
+            items:
+              - key: tls.crt
+                path: tls.crt
+              - key: tls.key
+                path: tls.key
+        {{- end }}

charts/frpc/templates/serviceaccount.yaml

@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "frpc.serviceAccountName" . }}
+  labels:
+    {{- include "frpc.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}

charts/frpc/values.yaml

@@ -0,0 +1,126 @@
+replicaCount: 1
+
+image:
+  repository: fatedier/frpc
+  pullPolicy: IfNotPresent
+  # Overrides the image tag whose default is the chart appVersion.
+  tag: ""
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+
+podAnnotations: {}
+
+podSecurityContext: {}
+  # fsGroup: 2000
+
+securityContext: {}
+  # capabilities:
+  #   drop:
+  #   - ALL
+  # readOnlyRootFilesystem: true
+  # runAsNonRoot: true
+  # runAsUser: 1000
+
+dashboardService:
+  type: ClusterIP
+  port: 8080
+  containerPort: 7500
+  annotations: {}
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+mTLS:
+  enabled: false
+  existingSecret: ""
+  certificatePEM: ""
+  certificateKEY: ""
+  trustedCA: ""
+  commonName: "Fast Reverse Proxy mTLS client"
+  subject: {}
+  issuerRef:
+    group: cert-manager.io
+    kind: Issuer
+    name: frps-client-ca
+
+config:
+  serverAddr: "0.0.0.0"
+  serverPort: 443
+
+  webServer:
+    addr: "0.0.0.0"
+    port: 7500
+    user: "admin"
+    password: "admin"
+
+  transport:
+    protocol: "wss"
+    tls:
+      certFile: '{{ .Values.mTLS.enabled | ternary "/var/frp/mtls/tls.crt" "" }}'
+      keyFile: '{{ .Values.mTLS.enabled | ternary "/var/frp/mtls/tls.key" "" }}'
+      trustedCaFile : '{{ eq .Values.mTLS.trustedCA "" | ternary "" "/var/frp/tls/ca.crt" }}'
+      disableCustomTLSFirstByte: true
+
+
+  proxies: []
+#    - name: "ssh"
+#      type: "tcp"
+#      localIP: "127.0.0.1"
+#      localPort: 22
+#      transport:
+#        # Limit bandwidth for this proxy, unit is KB and MB
+#        bandwidthLimit: "1MB"
+#        # Where to limit bandwidth, can be 'client' or 'server', default is 'client'
+#        bandwidthLimitMode: "client"
+#        # If true, traffic of this proxy will be encrypted, default is false
+#        tuseEncryption: false
+#        # If true, traffic will be compressed
+#        useCompression: false
+#      # Remote port listen by frps
+#      remotePort: 6001
+#
+#      loadBalancer:
+#        # frps will load balancing connections for proxies in same group
+#        group: "test_group"
+#        # group should have same group key
+#        groupKey: "123456"
+#      # Enable health check for the backend service, it supports 'tcp' and 'http' now.
+#      # frpc will connect local service's port to detect it's healthy status
+#      healthCheck:
+#        type: "tcp"
+#        # Health check connection timeout
+#        timeoutSeconds: 3
+#        # If continuous failed in 3 times, the proxy will be removed from frps
+#        maxFailed: 3
+#        # Every 10 seconds will do a health check
+#        intervalSeconds: 10
+#      # Additional meta info for each proxy. It will be passed to the server-side plugin for use.
+#      metadatas:
+#        var1: "abc"
+#        var2: "123"

charts/frps/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/frps/Chart.yaml

@@ -0,0 +1,7 @@
+apiVersion: v2
+name: frps
+description: A Helm chart Fast Reverse Proxy Server
+
+type: application
+version: 0.1.0
+appVersion: "v0.56.0"

charts/frps/templates/_helpers.tpl

@@ -0,0 +1,68 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "frps.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "frps.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "frps.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "frps.labels" -}}
+helm.sh/chart: {{ include "frps.chart" . }}
+{{ include "frps.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "frps.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "frps.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "frps.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "frps.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{- define "frps.trustedCaFile" -}}
+{{- if .Values.mTLS.enabled }}
+{{- printf "/var/frp/mtls/%s" .Values.mTLS.key }}
+{{- end }}
+{{- end }}

charts/frps/templates/certificate.yaml

@@ -0,0 +1,56 @@
+{{- if eq .Values.certificate.existingSecret "" }}
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ include "frps.fullname" . }}
+spec:
+  issuerRef:
+    {{- .Values.certificate.issuerRef | toYaml | nindent 4 }}
+  dnsNames:
+    {{- .Values.certificate.dnsNames | toYaml | nindent 4 }}
+  privateKey:
+    algorithm: ECDSA
+    size: 256
+  secretName: {{ include "frps.fullname" . }}
+---
+{{- end }}
+{{- if and .Values.mTLS.enabled (eq .Values.mTLS.existingSecret "") }}
+{{- if eq .Values.mTLS.certificatePEM "" }}
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ printf "%s-client-ca" (include "frps.fullname" .) }}
+spec:
+  commonName: {{ .Values.mTLS.commonName }}
+  issuerRef:
+    {{- .Values.mTLS.issuerRef | toYaml | nindent 4 }}
+  {{- with .Values.mTLS.subject }}
+  subject:
+    {{- . | toYaml | nindent 4 }}
+  {{- end }}
+  isCA: true
+  privateKey:
+    algorithm: ECDSA
+    size: 256
+  secretName: {{ printf "%s-client-ca" (include "frps.fullname" .) }}
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: {{ printf "%s-client-ca" (include "frps.fullname" .) }}
+spec:
+  ca:
+    secretName: {{ printf "%s-client-ca" (include "frps.fullname" .) }}
+---
+{{- else }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ printf "%s-client-ca" (include "frps.fullname" .) }}
+type: kubernetes.io/tls
+data:
+  tls.crt: {{ .Values.mTLS.certificatePEM | b64enc | quote }}
+  tls.key: ""
+---
+{{- end }}
+{{- end }}

charts/frps/templates/config.yaml

@@ -0,0 +1,43 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "frps.fullname" . }}
+data:
+  frps.toml: |
+  {{- range $elem, $elemVal := .Values.config }}
+    {{- if not (kindIs "map" $elemVal) }}
+    {{- if kindIs "invalid" $elemVal }}
+    {{ $elem }} =
+    {{- else if kindIs "string" $elemVal }}
+    {{- $tplElemVal := tpl $elemVal $ }}
+    {{- if eq $tplElemVal $elemVal }}
+    {{ $elem }} = {{ $elemVal | quote }}
+    {{- else }}
+    {{ $elem }} = {{ $tplElemVal }}
+    {{- end }}
+    {{- else }}
+    {{ $elem }} = {{ $elemVal }}
+    {{- end }}
+    {{- end }}
+  {{- end }}
+  {{- range $key, $value := .Values.config }}
+    {{- if kindIs "map" $value }}
+
+    [[{{ $key }}]]
+    {{- range $elem, $elemVal := $value }}
+    {{- if kindIs "invalid" $elemVal }}
+    {{ $elem }} =
+    {{- else if kindIs "string" $elemVal }}
+    {{- $tplElemVal := tpl $elemVal $ }}
+    {{- if eq $tplElemVal $elemVal }}
+    {{ $elem }} = {{ $elemVal | quote }}
+    {{- else }}
+    {{ $elem }} = {{ $tplElemVal }}
+    {{- end }}
+    {{- else }}
+    {{ $elem }} = {{ $elemVal }}
+    {{- end }}
+    {{- end }}
+    {{- end }}
+  {{- end }}
+

charts/frps/templates/dashboard-service.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "frps.fullname" . }}-dashboard
+  labels:
+    {{- include "frps.labels" . | nindent 4 }}
+  {{- with .Values.dashboardService.annotations }}
+  annotations:
+    {{- . | toYaml | nindent 4 }}
+  {{- end }}
+spec:
+  type: {{ .Values.dashboardService.type }}
+  ports:
+    - port: {{ .Values.dashboardService.port }}
+      targetPort: dashboard
+      protocol: TCP
+      name: http
+  selector:
+    {{- include "frps.selectorLabels" . | nindent 4 }}

charts/frps/templates/deployment.yaml

@@ -0,0 +1,95 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "frps.fullname" . }}
+  labels:
+    {{- include "frps.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "frps.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      annotations:
+        checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }}
+      {{- with .Values.podAnnotations }}
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "frps.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "frps.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ .Chart.Name }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          args:
+            - "-c"
+            - "/var/frp/conf/frps.toml"
+          ports:
+            - name: bind
+              containerPort: {{ .Values.service.containerPort }}
+              protocol: TCP
+            - name: dashboard
+              containerPort: {{ .Values.dashboardService.containerPort }}
+              protocol: TCP
+              {{- if .Values.internalService.enabled }}
+            - name: https
+              containerPort: {{ .Values.internalService.containerPort }}
+              protocol: TCP
+              {{- end }}
+{{/*          livenessProbe:*/}}
+{{/*            httpGet:*/}}
+{{/*              path: /*/}}
+{{/*              port: http*/}}
+{{/*          readinessProbe:*/}}
+{{/*            httpGet:*/}}
+{{/*              path: /*/}}
+{{/*              port: http*/}}
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          volumeMounts:
+            - mountPath: /var/frp/conf
+              name: config
+            - mountPath: /var/frp/tls
+              name: tls
+          {{- if .Values.mTLS.enabled}}
+            - mountPath: /var/frp/mtls
+              name: mtls
+          {{- end }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      volumes:
+        - name: config
+          configMap:
+            name: {{ include "frps.fullname" . }}
+        - name: tls
+          secret:
+            secretName: {{ .Values.certificate.existingSecret | default (include "frps.fullname" .) }}
+        {{- if .Values.mTLS.enabled}}
+        - name: mtls
+          secret:
+            secretName: {{ .Values.mTLS.existingSecret | default (printf "%s-client-ca" (include "frps.fullname" .)) }}
+            items:
+              - key: {{ .Values.mTLS.key }}
+                path: {{ .Values.mTLS.key }}
+        {{- end }}

charts/frps/templates/internal-service.yaml

@@ -0,0 +1,21 @@
+{{- if .Values.internalService.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "frps.fullname" . }}-internal
+  labels:
+    {{- include "frps.labels" . | nindent 4 }}
+  {{- with .Values.internalService.annotations }}
+  annotations:
+    {{- . | toYaml | nindent 4 }}
+  {{- end }}
+spec:
+  type: {{ .Values.internalService.type }}
+  ports:
+    - port: {{ .Values.internalService.port }}
+      targetPort: https
+      protocol: TCP
+      name: https
+  selector:
+    {{- include "frps.selectorLabels" . | nindent 4 }}
+{{- end }}

charts/frps/templates/service.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "frps.fullname" . }}
+  labels:
+    {{- include "frps.labels" . | nindent 4 }}
+  {{- with .Values.service.annotations }}
+  annotations:
+    {{- . | toYaml | nindent 4 }}
+  {{- end }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: bind
+      protocol: TCP
+      name: http
+  selector:
+    {{- include "frps.selectorLabels" . | nindent 4 }}

charts/frps/templates/serviceaccount.yaml

@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "frps.serviceAccountName" . }}
+  labels:
+    {{- include "frps.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}

charts/frps/values.yaml

@@ -0,0 +1,106 @@
+replicaCount: 1
+
+image:
+  repository: fatedier/frps
+  pullPolicy: IfNotPresent
+  # Overrides the image tag whose default is the chart appVersion.
+  tag: ""
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+
+podAnnotations: {}
+
+podSecurityContext: {}
+  # fsGroup: 2000
+
+securityContext: {}
+  # capabilities:
+  #   drop:
+  #   - ALL
+  # readOnlyRootFilesystem: true
+  # runAsNonRoot: true
+  # runAsUser: 1000
+
+service:
+  type: LoadBalancer
+  port: 443
+  containerPort: 7000
+  annotations: {}
+
+dashboardService:
+  type: ClusterIP
+  port: 8080
+  containerPort: 7500
+  annotations: {}
+
+internalService:
+  enabled: false
+  type: ClusterIP
+  port: 443
+  containerPort: 443
+  annotations: {}
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+certificate:
+  existingSecret: ""
+  dnsNames: []
+  issuerRef:
+    group: cert-manager.io
+    kind: ClusterIssuer
+    name: letsencrypt-prod
+
+mTLS:
+  enabled: false
+  existingSecret: ""
+  certificatePEM: ""
+  key: tls.crt
+  commonName: "Fast Reverse Proxy mTLS"
+  subject: {}
+  issuerRef:
+    group: cert-manager.io
+    kind: ClusterIssuer
+    name: selfsigned
+
+config:
+  bindAddr: "0.0.0.0"
+  bindPort: "{{ .Values.service.containerPort }}"
+
+  webServer.addr: "0.0.0.0"
+  webServer.port: "{{ .Values.dashboardService.containerPort }}"
+  webServer.user: "admin"
+  webServer.password: "admin"
+
+  vhostHTTPSPort: "{{ .Values.internalService.enabled | ternary .Values.internalService.containerPort .Values.service.containerPort }}"
+
+  transport.tls.force: true
+  transport.tls.certFile: "/var/frp/tls/tls.crt"
+  transport.tls.keyFile: "/var/frp/tls/tls.key"
+  transport.tls.trustedCaFile : '{{ include "frps.trustedCaFile" . | quote }}'